Jürgen Herrmann wrote at 2005-10-19 15:34 +0200:
>i use the SimpleUserFolder product and derive a MyUser class from it's
>included User class, which in turn inherits from BasicUser.
>
>the SimpleUserFolder's User class does neither reimplement
>getRolesInContext() nor allowed(). i looked at the source of
>BasicUser (lib/python/AccessControl/User.py) and found out that
>allowed() does not use the information provided by getRolesInContext().
>i found this comment:
>        # Still have not found a match, so check local roles. We do
>        # this manually rather than call getRolesInContext so that
>        # we can incur only the overhead required to find a match.
>
>so if i reimplement getRolesInContext() in MyUser, i'll probably also
>have to reimplement allowed() to reflect the possibly added local roles,
>right?

Yes.

> ...
>ps: looking at the code of allowed() i doubt that the "manual" checking
>of local roles will speed this method up a lot: local roles seem to be
>a seldomly used feature, the improvement in speed would only occur if
>the object in question was protected by a local role

Be careful about terminology! Objects are not protected by roles
(but by permissions).

You gain something if a near local role grants the necessary
permission.
The "Owner" local role tends to be very near.

Thus, you may gain, when usually owners try to execute protected
methods.

>(and not a normal
>one). is this enough to justify duplicated code with all of it's
>disadvantages)?

Nobody prevents you to implement your "allowed" by means
of "getRolesInContext".

-- 
Dieter
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to